The second client-side state feature of ASP.NET we discuss here is the client-side cookie, a
mechanism familiar to most web developers that is added to the HTTP protocol to allow the
web server and web browser to collaborate in storing information on the user’s machine. A
cookie can store site-specific data for a defined period of time, after which the cookie expires.
The cookie time limit is put to use by server-side state mechanisms in ASP.NET, such as session
state, and security mechanisms, such as ASP.NET forms authentication. Both emit cookies to
identify the user and track information related to storing data on the web server or authenticating the user browsing the web site.
The cookie information passed between browser and server is delivered via HTTP headers.
The web server will send down to the browser client an HTTP header named Set-Cookie with
the information it wants the browser to persist on the user’s local machine. The next time the
user visits that site (and only that site), the browser responds with a Cookie HTTP header
containing the locally stored site-specific data, as long as the cookie hasn’t expired.
ASP.NET provides access to outgoing cookies via the Cookies property of the HttpResponse
class. HttpResponse represents the output of the web form and is reached through the Response
property of the Context object, which is available to server controls via the System.Web.UI.Control class.
The Cookies collection is serialized to a set of string values attached to HTTP headers.
The following code adds two differently named cookies representing the first and last
name of one of the authors to the Cookies collection:
each cookie being sent down to the browser:
cookies in a manner identical to the outgoing collection. In our example, when the browser
comes back to the same web form, it will send the cookie information for both cookies in a
single HTTP header named Cookie:
web form:
stored in a cookie is transmitted as part of the web page automatically, unlike a URL string
parameter, which must be continuously refreshed by the programmer, or an HTML hidden
variable, which must be sent via an HTTP POST request for a specific page. The cookie technique
also presents challenges when the user either disables cookies or has problems with maintaining
or deleting them from the local cookie store. Some browsing devices don’t support cookies at
all, so you may have to avoid them entirely as an option for storing state in your controls.
mechanism familiar to most web developers that is added to the HTTP protocol to allow the
web server and web browser to collaborate in storing information on the user’s machine. A
cookie can store site-specific data for a defined period of time, after which the cookie expires.
The cookie time limit is put to use by server-side state mechanisms in ASP.NET, such as session
state, and security mechanisms, such as ASP.NET forms authentication. Both emit cookies to
identify the user and track information related to storing data on the web server or authenticating the user browsing the web site.
The cookie information passed between browser and server is delivered via HTTP headers.
The web server will send down to the browser client an HTTP header named Set-Cookie with
the information it wants the browser to persist on the user’s local machine. The next time the
user visits that site (and only that site), the browser responds with a Cookie HTTP header
containing the locally stored site-specific data, as long as the cookie hasn’t expired.
ASP.NET provides access to outgoing cookies via the Cookies property of the HttpResponse
class. HttpResponse represents the output of the web form and is reached through the Response
property of the Context object, which is available to server controls via the System.Web.UI.Control class.
The Cookies collection is serialized to a set of string values attached to HTTP headers.
The following code adds two differently named cookies representing the first and last
name of one of the authors to the Cookies collection:
Response.Cookies["firstname"] = "Sample"; Response.Cookies["lastname"] = "John";The Cookies collection serialization process generates two Set-Cookie headers, one for
each cookie being sent down to the browser:
Set-Cookie: firstname=Dale; path=/ Set-Cookie: lastname=Michalk; path=/The HttpRequest class has a Cookies collection that allows the developer to read incoming
cookies in a manner identical to the outgoing collection. In our example, when the browser
comes back to the same web form, it will send the cookie information for both cookies in a
single HTTP header named Cookie:
Cookie: firstname=Dale; lastname=MichalkThe following code shows you how to read the two cookies via the Cookies collection on a
web form:
string firstname = Request.Cookies["firstname"]; string lastname = Request.Cookies["lastname"];Common sense dictates that you should not store a large value, because the information
stored in a cookie is transmitted as part of the web page automatically, unlike a URL string
parameter, which must be continuously refreshed by the programmer, or an HTML hidden
variable, which must be sent via an HTTP POST request for a specific page. The cookie technique
also presents challenges when the user either disables cookies or has problems with maintaining
or deleting them from the local cookie store. Some browsing devices don’t support cookies at
all, so you may have to avoid them entirely as an option for storing state in your controls.
Tags:
asp.net